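// jQuery POST to the same-origin comment API; the browser attaches the user's session cookie automatically.
$.post('/api/addcomment', { content: 'worm攻击xss+csrf' });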